Educating the Future Leaders of America’s Armed Forces


Overview

• The research problem
• Objectives
• Approach
• Completed and ongoing research
• Future research


The Problem

• Provide automated support in detecting computer network outages and degradations
- Not enough to know there’s a problem... need to know the effect on the customer’s mission
- Often called the “holy grail” of network management
• Current methods for this type of problem are mostly manual in nature
- Network management tools focus on the network rather than the mission
- First indications of mission impact are when people start calling the help desk
- Even when we know there’s an outage, it’s difficult to explain the “so what?” factor to the commander

Limitations of Current NMS Technology

• Network Management Technology Survey
- Network Auto-Discovery, Service Auto-Discovery
- Correlation & Root-cause analysis techniques
- Traffic Flow Analysis, Independent Agent Systems
- Host-based Intrusion detection, Artificial Immune Systems
- Active Networks
• Observations
- NMS technologies allow increased visibility and control but cannot relate network status to mission capabilities
- This information is simply not present in the network

Why Is This Important?

• If we can’t do this now, how will we do it when everyone and everything is networked into the GIG?
• Increased Reliance on IT Raises Stakes for IT Service Providers
- E-Business and E-Commerce
- Network Centric Warfare
- Capabilities that are enabled by IT resources
- Is there any other kind??
• Bottom line: we need to know what kind of info is traversing the network

The Problem

Currently no automated way to tie IT status to the mission

[Figure labels: Customers; IT Providers; IT-enabled Capabilities]

Debra Curtis, Gartner Group 2004

Traditional Network Management focused “below the water-line”

Mission Impact Analysis... need to automate link between IT and mission

Research Goals

• Framework for establishing traceability between systems, processes, and operational tasks and missions
- Compatible with existing COP and DoD products
- Practical, feasible, maintainable, complete, usable and accurate...
- Self awareness, autopopulating
- Extensible
- Build a cyberspace common operational picture

Multi-Layer Model for Net Centric Operations

[Figure: layer stack with its relationship labels. "Precedes"; "are performed by" / "perform"; People; "use" / "used by"; Applications; "are supported by" / "provide support for"; Systems; "communicate using" / "used to communicate between"; Physical Network]

Need clear mapping of cyber assets to physical world missions, tasks, organizations, etc.

Approach

• DoD Architecture Framework (DODAF)
- Guidance for developing / presenting architecture descriptions
- Used in describing DoD systems and processes
• Operational View (OV)
- Business process modeling
- Operational tasks and activities, information flows
- Organizational relationships
• Systems View (SV)
- Physical entities that make up an architecture
- Computer systems, networks & system functions
- Data exchanges and communication paths
- Link systems to capabilities

Approach

• Use multi-layer graph model based on DODAF
- Mission View
- Operational View
- Systems View
• Linkages between layers establish traceability
- Top down - facilitates comm planning and targeting
- Bottom up - facilitates response and attack mitigation

Layered Complex Networks

• Maciej Kurant and Patrick Thiran, “Layered Complex Networks”
• Used to study complex systems
- Multi-layered
- Accounts for the interactions and dependencies between physical and logical layers
• The two-layer model with the mapping $M(E^{\lambda})$ of the logical graph $G^{\lambda}$ on the physical graph $G^{\phi}$. The logical edge $e_1^{\lambda}$ is mapped on $G^{\phi}$ as the path $M(e_1^{\lambda}) = (v_1^{\phi}, v_2^{\phi}, v_3^{\phi})$
• “Logical” Layer = City Pairs
• “Traffic Route” Mapping = Route through Stations
• “Physical” Layer = Train Stations

Method for Incorporating Structure of the Underlying Network

Multi-Layer Model of NCO

• Wong-Jiru - 2006
• Net Centric Operations represent complex systems with many different interacting elements
- To measure net centricity, the complexity and interactive nature of NCO must be modeled
• Multi-layer model of NCO
- Each layer represents major contributors to NCO
- Relationships are graphically represented
- Node and Edge definitions tailored to each layer

| Layer | Node | Edge |
| Process | Task | Transition |
| People | Position | Information path, working relationship |
| Application | Application | Data-specific Interoperability |
| System | Application support node/platform | Communication Interoperability |
| Physical Network | Infrastructure entities | Communication pathways, wired or wireless |

Multi-Layer Model of NCO: Interlayer Relationships

• Layers interact with each other
• Any failures or successes that occur at the lower layers may contribute (negatively or positively) upon the completion of mission objectives
• Interlayer relationships represented by mappings

[Figure: layer stack with its relationship labels. Processes; "are performed by" / "perform"; People; "use" / "used by" (for processing information, for sharing information, for collaboration); Applications; "are supported by" / "provide support for"; Systems; "communicate using" / "used to communicate between"; Physical Network]

| Layers | Node to Node Mapping | Edge to Edge |
| Process-People | Allocates task to people | Order or route of process tasks through people |
| People-Applications | Identifies the applications used by people | Route of information transactions through applications |
| Applications-Systems | Identifies which systems support which applications. For some, the system and application are the same | Route of information from application to application through supporting systems |
| Systems-Physical Network | Identifies which entry points into the communications infrastructure is accessed by which system | Route of communications from one system to another. |

Air Operations Center Model

Mission Layer
- Mission
- METL

OV Layer
- Organizations
- Operational Nodes
- Tasks
- Informational Needlines

SV Layer
- Systems/Servers
- Networks/Links
- Functions
- Data Exchange Requirements

Information Tables

METL

Mission: Task Available Capabilities

Description: Air missions are scheduled to be flown on a specific day. Accomplished through the ATO production process.

Table 6a, ATO Production Operational Tasks

| Description | Operational Node | Required Inputs | Output | Mission Essential Tasks Completed |
| Plan and Schedule Tanker Missions | Air Refueling | MAAP, SPINS, Intel Assessment, Airlift Requirements | Tanker Schedule | OP2.1.4, OP6.1.1, ST 4.3.1 |
| Prepare MAAP Inputs | Air Refueling | Tanker Schedule | MAAP Inputs | OP2.1.4, OP6.1.1, ST 4.3.1 |
| Plan and Schedule Airlift Missions | AME | Intel Assessment, Weather Forecast, Airfield Capability Assessment, ACO and SPINS | Airlift Schedule | ST 4.3.1 |

Mission Essential Tasks

| OP 2.1.1 | Determine and prioritize operational priority intelligence requirements. |
| OP 2.1.3 | Prepare operational collection plan. |
| OP 2.1.4 | Allocate intelligence resources in the joint operations area. |
| OP 2.2.4 | Determine logistical capability of the joint operations area. |
| OP 3.1.2 | Apportion joint/multinational operational firepower resources. |
| OP 3.1.5 | Publish air tasking order(s). |
| OP 6.1.1 | Process/allocate operational aerospace targets. |
| OP 6.1.3 | Provide airspace control. |
| ST 4.3.1 | Establish and coordinate movement services within theater. |

Table 12a, Operational Task/System Function Associations

| Operational Task | System Functions |
| Plan and Schedule Tanker Missions | 1. Retrieve Airlift Requirements; 2. Plan Tanker Missions; 3. Schedule Tanker Missions |
| Prepare MAAP Inputs (Air Refueling) | 1. Retrieve Airlift Requirements; 2. Plan Tanker Missions; 3. Generate Component MAAP Inputs |
| Plan and Schedule Airlift Missions | 1. Generate Weather Forecast; 2. Retrieve Strategic Mobility Information; 3. Schedule Airlift Missions |

Multi-Layer Model Problem Domain

[Figure labels: Mission View; Operational View; Systems View]

OV Layer

SV Layer

Top-Down Analysis

• Starts at the mission layer
• Identifies all operational tasks and system functions that help complete a mission essential task
• Supporting operational nodes, systems, and networks are also identified

[Figure labels: ST 4.3.1: Establish and C / Movement Services withi; U.S. Secret Network; Theater]

Bottom-up Analysis

• Starts at a network device (server, router, etc.)
• Identifies affected system functions (either on server or receive inputs from server)
• Affected operational and mission essential tasks can then be identified
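
The top-down and bottom-up traversals from the two analysis slides, as an added Python example (not code from the presentation). The task-to-MET and task-to-function links come from Tables 6a and 12a; the server names and the function-to-server assignments are constructed for illustration because the slides do not list them, and only hosting links are modeled, not functions that receive inputs from a server.

```python
from collections import defaultdict

TANKER, MAAP, AIRLIFT = ("Plan and Schedule Tanker Missions",
                         "Prepare MAAP Inputs", "Plan and Schedule Airlift Missions")
# Table 6a: operational task -> mission essential tasks (METs) it completes
TASK_TO_MET = {TANKER: ["OP 2.1.4", "OP 6.1.1", "ST 4.3.1"],
               MAAP: ["OP 2.1.4", "OP 6.1.1", "ST 4.3.1"], AIRLIFT: ["ST 4.3.1"]}
# Table 12a: operational task -> system functions it relies on
TASK_TO_FUNC = {
    TANKER: ["Retrieve Airlift Requirements", "Plan Tanker Missions", "Schedule Tanker Missions"],
    MAAP: ["Retrieve Airlift Requirements", "Plan Tanker Missions", "Generate Component MAAP Inputs"],
    AIRLIFT: ["Generate Weather Forecast", "Retrieve Strategic Mobility Information",
              "Schedule Airlift Missions"],
}
# CONSTRUCTED (not on the slides): hypothetical servers and the functions they host
HOST_TO_FUNC = {
    "srv-mobility": ["Retrieve Airlift Requirements", "Retrieve Strategic Mobility Information"],
    "srv-tanker": ["Plan Tanker Missions", "Schedule Tanker Missions", "Generate Component MAAP Inputs"],
    "srv-weather": ["Generate Weather Forecast"], "srv-airlift": ["Schedule Airlift Missions"],
}

def edge_pairs():
    """(lower node, upper node) 'supports' pairs: host -> function -> task -> MET."""
    pairs = [(("host", h), ("function", f)) for h, fs in HOST_TO_FUNC.items() for f in fs]
    pairs += [(("function", f), ("task", t)) for t, fs in TASK_TO_FUNC.items() for f in fs]
    pairs += [(("task", t), ("met", m)) for t, ms in TASK_TO_MET.items() for m in ms]
    return pairs

def reach(start, upward):
    """Nodes reachable from start, grouped by layer; upward=False walks edges in reverse."""
    adj = defaultdict(set)
    for lower, upper in edge_pairs():
        src, dst = (lower, upper) if upward else (upper, lower)
        adj[src].add(dst)
    stack, layers = [start], defaultdict(set)
    while stack:
        for layer, name in adj.get(stack.pop(), ()):
            if name not in layers[layer]:
                layers[layer].add(name)
                stack.append((layer, name))
    return dict(layers)

def bottom_up(host):
    """Outage view: functions, operational tasks and METs that depend on a failed host."""
    return reach(("host", host), upward=True)

def top_down(met):
    """Planning view: operational tasks, functions and hosts a MET depends on."""
    return reach(("met", met), upward=False)
```
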

Results

• Mission impact of network and system outages clearly demonstrated
- All operational nodes, systems, tasks, and functions clearly identified
- Operational and mission essential tasks affected by an outage completely identified
• Traceability through all layers of the model
• Usable for top-down and bottom-up analysis
• General methodology with broad applicability

Areas for Future Research

• Automating data input... cannot rely on manual inputs
- Self-awareness
• How to handle degradation?
- Network connectivity degradation, but services are available locally
- Specific service may be down, but the network is green
• Determining Resource Criticality
- Different users, different times, different priorities
- Weighting and probabilities of degradation / destruction
• New Architectures
- Modeling Network Virtualization
- Service Oriented Architectures
• Cyberspace situational awareness

Map & Mission Context

• What does cyberspace “look like”
- Common Operational Picture
- Traceability to real world missions
• Cyberspace changes depending on how you look at it
- Is multi-dimensional... has many aspects
- Is a medium of operations (like air, land, and sea)
- Supports operations in the physical domain (air, land, sea)
• Cyberspace is all about collecting, processing, and exchange of information
- Has various layers of abstraction... just like information
- The value / nature of information depends on where you sit and why you need it

Cyberspace Situational Awareness

[Figure: Multi-layer model for NCO. Processes; "are performed by" / "perform"; People; "use" / "used by"; Applications; "are supported by" / "provide support for"; Systems; "communicate using" / "used to communicate between"; Physical Network]

[Figure labels: Mission / Task; Subordinate Tasks; Organizations; Communities of Interest; People / Users; Systems / Applications; Network Arch (virtual); Network Arch (physical)]

Depending on your function, your desired “map” of cyberspace (i.e., what you care about) is different

• Cyberspace as domain of ops (attack/defend) - each layer is an avenue for attack and we need to understand linkages for targeting, damage assessment, etc.
• Cyberspace as supporting infrastructure - need clear mapping of cyber assets to physical world missions, tasks, organizations, etc.

Questions?